FBI briefed on alternate Sony hack theory

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

James ComeyPicture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

« ‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists
Dark Web thrives despite Operation Onymous »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Asimily

Asimily

Asimily’s IoMT risk remediation platform holistically secures the mission-critical healthcare devices that deliver safe and reliable care.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

Acora

Acora

Acora provide a range of best-in-class managed services, Microsoft-centric business software, and cloud solutions designed to help mid-market organisations succeed in the digital economy.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.

enQase

enQase

enQase offers security beyond PQC; the only comprehensive, scalable solution that utilizes enhanced quantum technologies to protect data against current and future quantum threats.